nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-06 22:12:47 -05:00
Code Issues Projects Releases Wiki Activity

Centralised HMAC implementation.

Browse Source 
This replaces all the separate HMAC-implementing wrappers in the
various source files implementing the underlying hashes.

The new HMAC code also correctly handles the case of a key longer than
the underlying hash's block length, by replacing it with its own hash.
This means I can reinstate the test vectors in RFC 6234 which exercise
that case, which I didn't add to cryptsuite before because they'd have
failed.

It also allows me to remove the ad-hoc code at the call site in
cproxy.c which turns out to have been doing the same thing - I think
that must have been the only call site where the question came up
(since MAC keys invented by the main SSH-2 BPP are always shorter than
that).
This commit is contained in:
Simon Tatham
2019-01-20 16:18:49 +00:00
parent d73f692eea
commit baff23cdd6
8 changed files with 251 additions and 361 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
cproxy.c
View File

@ -18,15 +18,8 @@
static void hmacmd5_chap(const unsigned char *challenge, int challen,
const char *passwd, unsigned char *response)
{
ptrlen key = ptrlen_from_asciz(passwd);
unsigned char md5buf[16];
if (key.len > 64) {
hash_simple(&ssh_md5, key, md5buf);
key = make_ptrlen(md5buf, 16);
}
mac_simple(&ssh_hmac_md5, key, make_ptrlen(challenge, challen), response);
smemclr(md5buf, sizeof(md5buf));
mac_simple(&ssh_hmac_md5, ptrlen_from_asciz(passwd),
make_ptrlen(challenge, challen), response);
}
void proxy_socks5_offerencryptedauth(BinarySink *bs)